Identity theft is the fastest-growing crime in America. In 2005, 10 million Americans had their identities stolen. In 2003, consumers lost $5 billion and businesses almost $50 billion as a result of identity theft. In particular, educational institutions such as colleges and universities suffer the highest rate of personal data security breaches that may lead to identity theft of students, parents and faculty. As of May 1, 2006, educational institutions accounted for 30% of all such security breaches, according to the Privacy Rights Clearinghouse.
Computers and computer networks often store, transmit and/or receive large amounts of personally identifiable and other sensitive information of the computer users, their customers and/or other parties in various locations that are often unknown to or forgotten about by the computer users. This can become a significant problem in the event of a security breach of a network or a computer system containing such information, and/or in the event a computer containing sensitive information is lost, stolen or otherwise discarded. Although the location and/or existence of the information may be unknown to or forgotten about by the computer user, it is often easily obtained when the computer/network is accessed by a thief/hacker. Therefore, it would be beneficial to provide a system that identifies and locates personally identifiable and other sensitive information and that takes steps to protect such information from improper or unauthorized access in the event a security breach of the computer/network occurs.
Because of the risks associated with collection and storage of personally identifiable and other sensitive information, various industry groups and others have advocated and/or required that entities which receive and/or store personally identifiable and/or sensitive information adopt and implement burdensome security standards and measures. For example, if a business or institution is utilizing a credit card to accept payment from its customers, the business or institution must comply with certain PCI DSS (Payment Card Industry Data Security Standard) or CISP (Cardholder Information Security Program) standards when handling sensitive information of its customers, such as the credit card number, name, etc. For many businesses and institutions, the PCI DSS or CISP standards can be so burdensome that the businesses or institutions will choose not to accept payment via credit cards or to limit severely the circumstances under which credit card payment will be accepted. Nevertheless, accepting credit card payments could provide opportunities that might not otherwise be available to those businesses and/or institutions. It would be beneficial, therefore, to offer a method and system by which a merchant or other enterprise needing to receive and/or access personally identifying or other sensitive information could seamlessly and transparently use and/or otherwise receive the benefits of receiving and using such information without being required to comply with burdensome security standards.